Being hacked is not a great experience. It makes you go mad and feel empty at the same time.
But, that doesn’t mean that you should panic! Stay calm and follow this guide to fix your WordPress website.
The coolest thing about WordPress is how popular it is, but it also brings the curse along with it.
Popular platforms, such as WordPress are targetted more often by the hackers or script kiddies.
Also, it is always a good idea to backup your website once it is hacked.
How to Recover Hacked WordPress Website?
You must be thinking, why would you want to backup a hacked version of your website? This is because many web hosting companies tend to delete your data once they know that your website is hacked.
If you already have a backup, congrats, you are half-way through making your website work.
With much delay, let’s get started with the guide.
Ask for Professional Help
If you have no idea how WordPress works or is not well-versed with the security aspects of WordPress, it is always a good idea to hire a professional.
Also, keeping the fact that security is a serious business and there is no walkthrough to solve a hacked website, a security professional can easily ease out your problem.
You can check online platforms such for security professionals. The only drawback of this approach is the fact that the hourly charge of the security experts are very high and you might not be ready to invest, especially small business and bloggers.
Now, let’s move to the next set of instructions on how to clean your hacked WordPress website. For following the guide, you must have a clear understanding of how WordPress works.
Clean Your Local Machine
Even though your website has been hacked, there can be equal chances that your local machine has taken a plunge too.
To make sure that you are operating using a clean machine, run your antivirus and update every security software that you are using.
Identify the Hack
The next step is to identify the hack. Questions such as Where from the hack generated? Which files are affected? What part of the website are malfunctioning? These questions can help you get a clear picture of the affected part.
It is also a good idea to check the service status of your hosting service. You may not want to come back later to find out that it was a problem from the side of the hosting provider.
Change all passwords
Being hacked is a bad experience, but keeping the same passwords after being hacked is the biggest mistakes.
Change the passwords for your MySQL/FTP/SFTP as soon as possible. Also, change passwords for anyone who can login into the side backend or frontend, including customers, contributors, etc.
Contact Your Hosting Service
Many hosting service providers have excellent support. So, it is always a good idea to contact the hosting company and let them know about the problem.
Their technical team will take a look at the problem and might come up with a solution.
Also, many hosting providers take a backup of your website periodically. They might want to revert back to the last known working version. They will probably ask for your permission before reverting back to the working version.
If you are using a shared hosting, things can be different. There can be many victims of the attack and in this case, it is better to wait some time before proceeding to clean your website yourself.
Restoring From Backup
Our next step is to restore from backup. Restoring is generally an easy process and won’t’ take much time.
If you are not sure how to do it, check out the handy guide from WPBeginner
If you have a backup for a long time and don’t want to proceed with a backup, it is a good idea to remove the hack manually.
There is one more way to get back your post. Google offers a history of the web pages. Backup your last known WordPress installation and use the Google web cache to restore the content manually. Tedious, but works.
Run a website full scan
After restoring, it is always a good idea to check the website for any backdoors or malicious code.
You can read 7 Best WordPress plugins to detect malicious code and start working on the problem.
It is also a good idea to secure your wp-config.php file. You may also want to use a full-fledged security plugin for your WordPress website. My personal choice is WordFence and Sucuri.
Change Your Password Again
With everything looking good, it is a better idea to change the passwords again.
This will keep things clean and make you ready for the next journey.
Check user permissions
It is a good idea to provoke user permissions that are not required. You can also opt to delete a use if you see any suspicious activity.
In short, give access to those who need and delete the ones that are unnecessary.
End Notes
In the end, it is you who can keep your site healthy for a long time. Any site requires constant maintenance, updates and other forms of governance.
In order to make your website more secure, it is always a good idea to follow the below points.
- Choose a good hosting. If you are really serious about security, you might want to give managed WordPress hosting a try.
- Disabling theme and plugin editors can further help you make your website more secure.
- Use a full-fledged security service/plugin for your website. Sucuri is a great choice. A good alternative is WordFence.
- Always update your WordPress core, themes, plugins when they are released. Most of the updates contain security updates that you don’t want to miss.
In the end, a healthy website will keep your visitors happy and also make Google keep your rating. Google is very harsh against a malicious website, so you should take extra attention to the security of your website.
If you found the article useful, don’t forget to share and comment.
Leave a Reply